"I boiled this down to there not being allocated enough resources for the virtual machine.  The second time was because of a SRU mismatch between the SRU installed on the FTD and the one installed on FMC.  Had to manually update the SRU on the FTD to solve this issue."

--- i have checked everything and seems resources are memory @30%, disk @10%

For SRU i think it has a mismatch but i am wondering why it has a mismatch, i even downloaded the latest SRU from the support site and deploy it to the FTD but the version in FTD is still outdated. do you have a tutorial or notes on how to manually update the SRU in FTD side?

So far  the deployment error has gone and did not show up again after the FMC reboot. but i need to fix this SRU mismatch between FTD and FMC. do you have a notes for this sir? Thank you in advance.

"With regard to the PBR flexconfig, I am assuming you have it set to Deployment: Once?  Change this to Deployment: Everytime.  Also I would suggest changing Type to be Append and not Prepend...if it is not already set to Append."

-- how to do (append/not prepend) this on the FMC side?

This is my flexconfig object.

i also noticed that "policy-route route-map" cli command is not supported anymore, maybe because of the FMC version or the Snort 3 version?

Thank Sir

Hi Sir, i wonder why i do not have PBR in my routing under devices. I even watched it in youtube that they have PBR in their devices -> routing using 7.2.x FMC version. Mine is 7.3.0. is it ok to go to 7.2.X? I am from 7.0.4 and jumped to 7.3.0 so technically i skipped 7.2.X. Is going down to lower version is the same process as going up? Like uploading the tar file and install it in FMC the usual way?

it is basically the same to down grade, but you need to make sure that you downgrade the FTDs first as the FMC will not be able to manage FTDs with a higher version.

Are you sure that you are running 7.3?  It should be present. If you are running 7.3 then this might be a bug.  Have you tried reloading the FMC?

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/routing-policy-based.html#Cisco_Task.dita_27e089d1-6340-40e1-9abd-df12be8378c4

Hi Sir, my FMC is 7.3.0 but my FTD is still 7.0.4. Would that be safe to downgrade my FMC to 7.2.1?

Regarding PBR maybe the PBR in devices-> routing is missing because i am running 7.0.4 FTD and 7.3.0 FMC?

PBR is supported from 7.1 so it could be that your FTD is on 7.0 that is the problem why you are not seeing it in the GUI

https://www.cisco.com/c/en/us/td/docs/security/firepower/710/relnotes/firepower-release-notes-710/features.html

Hi Sir, the latest FTD upgrade i can get from the support site is 7.0.5 for ASA5508X. I am still waiting for a gold star suggested release so i can upgrade my FTD. Is there a schedule of what month would they release goldstar releases? 
thanks sir

The ASA5508X running FTD software only supports up to 7.0.x. So you will not be able to upgrade past this.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html

would that mean that they will now stop producing FTD upgrades for ASA5508x? Is it okay to go higher as much as possible in FMC versions and just stick with the last FTD upgrade 7.0.5 forever?

According to the FTD compatibility document, 7.0.x is the highest FTD software version that is / will be supported for the ASA5508.  So yes, if you need PBR on the FTD software you need to upgrade your hardware.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html

If you are interested in a write-up on doing the SRU rollback on the FMC (we did the FMC rollback as this would save time instead of rolling back 16 other devices), you can find the write-up here.